
All Articles
Cloud Security Alliance Offers Recommendations for Using Customer Controlled Key Store

Press Release Published: 09/27/2022

Document offers guidance for implementing a key management system (KMS) that is a dependency of a cloud service without being hosted by the service. SEATTLE – Sept. 27, 2022 – The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications and bes...

8 Common Cloud Misconfiguration Types (And How to Avoid Them)

Blog Published: 09/27/2022

Originally published by Vulcan Cyber here. Written by Roy Horev, Vulcan Cyber. Cloud misconfiguration refers to any errors, glitches, or gaps in the cloud environment that could pose a risk to valuable information and assets. It occurs when the cloud-based system is not correctly configured by th...

Takeaways From the New Healthcare Interoperability Report

Blog Published: 09/26/2022

Continuing to examine important healthcare information security topics, CSA’s Health Information Management Working Group has released a new report on Healthcare Interoperability. The purpose of this report is to examine the current state of interoperability according to the Office of the Nationa...

Stolen Cookies Enabling Financial Fraud

Blog Published: 09/26/2022

Originally published by Ericom here. Written by Nick Kael, CTO, Ericom Software. Multi-Factor Authentication (MFA) is one of the most frequently recommended best practices for securing data and applications, designed to prevent even cybercriminals who have compromised user credentials in hand fro...

The Ongoing Cyber Threat to Critical Infrastructure

Blog Published: 09/26/2022

Originally published by Thales here. Written by Marcelo Delima, Senior Manager, Global Solutions Marketing, Thales. The effects of cyberattacks on critical infrastructure can be catastrophic. Security breaches in this sector can be incredibly disruptive to society and are attracting considerable at...

SAP S/4HANA: 5 Ways to Build In Security From the Start

Blog Published: 09/26/2022

Originally published by Onapsis here. Many SAP customers are currently at the point of either planning or executing a transformation to SAP’s next generation ERP, S/4HANA. More than 18,800 companies[1] have adopted SAP S/4HANA and thousands more are in the process of migrating to the new platform...

What is IoT Security?

Blog Published: 09/25/2022

Internet of Things (IoT) devices describe a variety of non-traditional, physical objects including medical devices, cars, drones, simple sensors, and more. IoT represents objects that exchange data with other systems over the internet or other networks. IoT security is the practice of securing th...

The Biggest Cloud and Web Security Concerns Today

Blog Published: 09/24/2022

With the continuation of remote work and newsworthy cyber attacks, organizations are struggling to adapt their overall security strategies to the changing landscape. To get a better understanding of the industry’s current attitudes regarding cloud and web security risks, Proofpoint commissioned C...

Survey: What Short Training Courses Most Interest You?

Blog Published: 09/24/2022

CSA is in the process of developing our Cloud Infrastructure Security Training, a series of 1 hour training courses. These courses provide a high-level primer on some of the most critical cloud security topics. Based on research by CSA’s expert working groups, they build upon your cybersecurity k...

How Sensitive Cloud Data Gets Exposed

Blog Published: 09/23/2022

Originally published by Sentra here. When organizations began migrating to the cloud, they did so with the promise that they’ll be able to build and adapt their infrastructures at speeds that would give them a competitive advantage. It also meant that they’d be able to use large amounts of data t...

Supply Chain Challenges in the Shadow of Digital Threats

Blog Published: 09/23/2022

Originally published by HCL Technologies here. Written by Andy Packham, SVP & Chief Architect, HCL Microsoft Business Unit. In a monumental move toward greater organizational safety, the US government’s recent Cybersecurity Executive Order marks a major paradigm shift in the battle against di...

Monitor Your SaaS Environment for Three Common SaaS Misconfigurations

Blog Published: 09/23/2022

Originally published by AppOmni here. Written by John Whelan, Senior Director of Product Management, AppOmni. SaaS is ubiquitous across the enterprise and accounts for approximately 70% of software usage in companies. And SaaS usage is growing, with thousands of SaaS applications available to...

Do You Really Need a Service Mesh?

Blog Published: 09/22/2022

Originally published by Tigera here. Written by Phil DiCorpo, Tigera. The challenges involved in deploying and managing microservices have led to the creation of the service mesh, a tool for adding observability, security, and traffic management capabilities at the application layer. While a serv...

Are You Ready for a Slack Breach? 5 Ways to Minimize Potential Impact

Blog Published: 09/22/2022

Originally published by Mitiga here. Written by Ofer Maor, Co-Founder and Chief Technology Officer, Mitiga. TL;DR: As Slack becomes a dominant part of the infrastructure in your organization, it will become a target for attacks and at some point, it is likely to be breached (just like any other te...

Attention CISOs: The Board Doesn’t Care About Buzzwords

Blog Published: 09/22/2022

Originally published by Lookout here. Written by Paul Simmonds, Global Identity Foundation. We live in an IT world surrounded by buzzwords that are largely marketing gimmicks. Zero Trust, for example, is a concept no one actually understands and is slapped onto everything, including derivativ...

The Anatomy of Wiper Malware, Part 1: Common Techniques

Blog Published: 09/21/2022

Originally published by CrowdStrike here. Written by Ioan Iacob and Iulian Madalin Ionita, CrowdStrike. This blog post is the first in a four-part series in which an Endpoint Protection Content Research Team will dive into various wipers discovered by the security community over the past 10 years...

3 Trends from Verizon’s 2022 Data Breach Investigations Report

Blog Published: 09/21/2022

Originally published by Authomize here. Written by Gabriel Avner, Authomize. The Verizon Data Breach Investigations Report is essentially infosec’s report card. It comes out right before summer vacation and gives us an ~120 page snapshot of the state of security. The findings, much like my report...

Comments on NIST Special Publication 1800-35B, ‘Implementing a Zero Trust Architecture’ Volume B

Blog Published: 09/21/2022

Originally published by Gigamon here. Written by Ian Farquhar and Orlie Yaniv, Gigamon. Editor’s note: As a supplier of network software and hardware to multiple U.S. government agencies, Gigamon reviews and comments on many draft standards and documents issued by government agencies. This has ac...

Learning Not to Step on Lego: Blast Radius, Cloud Sprawl, and CNAPP

Blog Published: 09/20/2022

Originally published by CXO REvolutionaries here. Written by Martyn Ditchburn, Director of Transformation Strategy, Zscaler. Ever stepped on a Lego block? It hurts, doesn’t it! If not, imagine for a moment that it’s 2 a.m. and you’re navigating your way to the bathroom in the dark. Your child has ...

Being a Good Cyber Citizen in a Digital World

Blog Published: 09/20/2022

Originally published by KPMG here. Written by Akhilesh Tuteja, Global Cyber Security Practice Leader, KPMG India. For organizations across all industries, cyber security has become an increasingly important board issue with growing public debate and scrutiny. And its connection to the environment...
